2cfef3bc3a
Reconfigure Heat user to be in "service" project like all other services do. Change-Id: I08b5d672e8dee9efe1a9161f9b903c4e9fd54786
109 lines
4.3 KiB
YAML
109 lines
4.3 KiB
YAML
dsl_version: 0.1.0
|
|
service:
|
|
name: heat-api
|
|
ports:
|
|
- {{ heat.api_port }}
|
|
containers:
|
|
- name: heat-api
|
|
image: heat-api
|
|
# TODO(drusskikh): add probes
|
|
probes:
|
|
readiness: "true"
|
|
liveness:
|
|
command: "true"
|
|
type: "exec"
|
|
pre:
|
|
- name: heat-db-create
|
|
dependencies:
|
|
- {{ service.database }}
|
|
type: single
|
|
command:
|
|
mysql -u root -p{{ db.root_password }} -h {{ address(service.database) }} -e "create database {{ heat.db.name }};
|
|
grant all privileges on {{ heat.db.name }}.* to '{{ heat.db.username }}'@'%' identified by '{{ heat.db.password }}';"
|
|
- name: heat-db-sync
|
|
files:
|
|
- heat-conf
|
|
dependencies:
|
|
- heat-db-create
|
|
type: single
|
|
command: heat-manage db_sync
|
|
- name: heat-user-create
|
|
dependencies:
|
|
- keystone-create-project
|
|
type: single
|
|
command:
|
|
openstack user create --domain default --password {{ heat.password }} {{ heat.user }}
|
|
- name: heat-admin-role-add
|
|
dependencies:
|
|
- heat-user-create
|
|
type: single
|
|
command:
|
|
openstack role add --project service --user {{ heat.user }} admin
|
|
- name: heat-service-create
|
|
dependencies:
|
|
- keystone-create-project
|
|
type: single
|
|
command:
|
|
openstack service create --name heat --description "OpenStack orchestration service" orchestration
|
|
- name: heat-public-endpoint-create
|
|
dependencies:
|
|
- heat-service-create
|
|
type: single
|
|
command:
|
|
openstack endpoint create --region RegionOne orchestration public {{ address('heat-api', heat.api_port, external=True, with_scheme=True) }}/v1/%\(tenant_id\)s
|
|
- name: heat-internal-endpoint-create
|
|
dependencies:
|
|
- heat-service-create
|
|
type: single
|
|
command:
|
|
openstack endpoint create --region RegionOne orchestration internal {{ address('heat-api', heat.api_port, with_scheme=True) }}/v1/%\(tenant_id\)s
|
|
- name: heat-admin-endpoint-create
|
|
dependencies:
|
|
- heat-service-create
|
|
type: single
|
|
command:
|
|
openstack endpoint create --region RegionOne orchestration admin {{ address('heat-api', heat.api_port, with_scheme=True) }}/v1/%\(tenant_id\)s
|
|
# Orchestration requires additional information in the Identity service to manage stacks.
|
|
# For detailed explanation see: http://docs.openstack.org/project-install-guide/orchestration/newton/install-ubuntu.html
|
|
- name: heat-create-domain
|
|
type: single
|
|
command:
|
|
openstack domain create --description "Owns users and projects created by heat" {{ heat.domain.name }}
|
|
- name: heat-domain-admin-user-create
|
|
type: single
|
|
command:
|
|
openstack user create --domain {{ heat.domain.name }} --password {{ heat.domain.password }} {{ heat.domain.user }}
|
|
dependencies:
|
|
- heat-create-domain
|
|
- name: grant-doman-user-admin-privileges
|
|
type: single
|
|
command:
|
|
openstack role add --domain {{ heat.domain.name }} --user-domain {{ heat.domain.name }} --user {{ heat.domain.user }} admin
|
|
dependencies:
|
|
- heat-domain-admin-user-create
|
|
# You must add the heat_stack_owner role to each user that manages stacks after addinf new users.
|
|
- name: heat-stack-owner-role-create
|
|
type: single
|
|
command:
|
|
openstack role create heat_stack_owner
|
|
dependencies:
|
|
- grant-doman-user-admin-privileges
|
|
# The Orchestration service automatically assigns the heat_stack_user role to users that it creates during stack deployment.
|
|
- name: heat-stack-user-role-create
|
|
type: single
|
|
command:
|
|
openstack role create heat_stack_user
|
|
dependencies:
|
|
- grant-doman-user-admin-privileges
|
|
daemon:
|
|
dependencies:
|
|
- rabbitmq
|
|
files:
|
|
- heat-conf
|
|
command: heat-api --config-file /etc/heat/heat.conf
|
|
|
|
files:
|
|
heat-conf:
|
|
path: /etc/heat/heat.conf
|
|
content: heat.conf.j2
|